entropy depletion

Ben Laurie ben at algroup.co.uk
Thu Jan 13 05:23:17 EST 2005


William Allen Simpson wrote:
> Ben Laurie wrote:
> 
>> William Allen Simpson wrote:
>>
>>>> Why then restrict it to non-communications usages?
>>>
>>>
>>> Because we are starting from the postulate that observation of the
>>> output could (however remotely) give away information about the
>>> underlying state of the entropy generator(s).
>>
>>
>> Surely observation of /dev/urandom's output also gives away information?
>>
> ummm, no, not by definition.
> 
> /dev/random
>  blocks on insufficient estimate of stored entropy
>  useful for indirect measurement of system characteristics
>  (assumes no PRNG)
> 
> /dev/urandom
>  blocks only when insufficient entropy for initialization of state
>  computationally infeasible to determine underlying state
>  (assumes robust PRNG)
> 
> These are the definitions we've been using around here for many years. 
> It does help when everybody is talking about the same things.

Around where? I've never heard of a /dev/random that doesn't include a 
PRNG. But I'll admit it's entirely possible I just haven't been paying 
attention. Can you give examples?

In any case, if the postulate is that observing the output could give 
away information about the underlying state, then I cannot see how 
/dev/urandom gets around this problem.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
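The two devices as Simpson defines them differ observably in one way: a read from /dev/random may stall on the kernel's entropy estimate, while /dev/urandom never stalls once its pool has been seeded. The following script is an added illustration, not code from the thread; it opens each device with O_NONBLOCK so that a read that would have blocked is reported as EAGAIN instead, and reads the kernel's entropy estimate from /proc/sys/kernel/random/entropy_avail (Linux only; the path is assumed and the function returns None elsewhere). Note that on Linux 5.6 and later /dev/random blocks only until the pool is initialised, so on a modern kernel both devices report would_block False; the 2005-era behaviour the thread describes shows up only on older kernels.

```python
import os


# Linux-only sysctl exposing the kernel's entropy estimate in bits (assumed path).
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"


def entropy_avail():
    """Return the kernel's current entropy estimate in bits, or None if the
    sysctl is not available (non-Linux, or restricted /proc)."""
    try:
        with open(ENTROPY_AVAIL) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def probe_device(path, nbytes=32):
    """Try to read nbytes from path without blocking.

    Returns (data, would_block). data holds whatever the kernel handed over
    (possibly fewer than nbytes); would_block is True if the kernel answered
    EAGAIN, i.e. a plain blocking read would have stalled on its entropy
    estimate. Opening with O_NONBLOCK turns the stall into an error we can see.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        data = b""
        would_block = False
        while len(data) < nbytes:
            try:
                chunk = os.read(fd, nbytes - len(data))
            except BlockingIOError:  # errno EAGAIN: the device would block here
                would_block = True
                break
            if not chunk:  # EOF should not happen on these devices; stop anyway
                break
            data += chunk
        return data, would_block
    finally:
        os.close(fd)


def compare_devices(nbytes=32):
    """Probe /dev/random and /dev/urandom and report what each one did,
    together with the entropy estimate sampled before the reads."""
    report = {"entropy_avail": entropy_avail()}
    for dev in ("/dev/random", "/dev/urandom"):
        try:
            data, would_block = probe_device(dev, nbytes)
            report[dev] = {"bytes": len(data), "would_block": would_block}
        except OSError as exc:  # device missing (e.g. a minimal container)
            report[dev] = {"error": exc.errno}
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(compare_devices(), indent=2))
```

Running it once with an idle machine and once while a large consumer drains the pool (on a pre-5.6 kernel) makes the blocking distinction concrete; on a 5.18 or later kernel entropy_avail is pinned at 256 once the pool is seeded, so the counter no longer tracks consumption either.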
